Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25353c86 by Salvatore Bonaccorso at 2024-08-03T15:01:03+02:00
Make relation from CVE-2024-7319 due to incomplete fixes for CVE-2023-1625
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,6 @@
CVE-2024-7319 (An incomplete fix for CVE-2023-1625 was found in
openstack-heat. Sensi ...)
- heat <unfixed>
- [bullseye] - heat <no-dsa> (Minor issue)
- [buster] - heat <no-dsa> (Minor issue)
+ [bullseye] - heat <not-affected> (Incomplete fix for CVE-2023-1625 not
applied)
NOTE: https://storyboard.openstack.org/#!/story/2011007
CVE-2024-7291 (The JetFormBuilder plugin for WordPress is vulnerable to
privilege esc ...)
NOT-FOR-US: WordPress plugin
@@ -103604,6 +103603,7 @@ CVE-2023-1625 (An information leak was discovered in
OpenStack heat. This issue
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621
NOTE: https://review.opendev.org/c/openstack/heat/+/868166
NOTE:
https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf
(20.0.0.0rc1)
+ NOTE: When fixing the issue make sure to apply the complete follow up
fix to not open up CVE-2024-7319
CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when
deleti ...)
NOT-FOR-US: WordPress plugin
CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not
proper ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25353c8672aeafb8a13fa7b996576fb1e6f3fc79
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25353c8672aeafb8a13fa7b996576fb1e6f3fc79
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
